[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PISA-21-NOV-99-004

To: independence-l@independence.seul.org
Subject: PISA-21-NOV-99-004
From: cogNiTioN <cognition@bigfoot.com>
Date: Mon, 22 Nov 1999 17:30:56 +0000 (GMT)
Delivery-Date: Mon, 22 Nov 1999 11:30:12 -0500
Reply-To: independence-l@independence.seul.org
Sender: owner-independence-l@independence.seul.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

              .------------------------------------------------.
              |**** Project Independence Security Advisory ****|
              `-----------* ID: PISA-21-NOV-99-004 *-----------'
               Issued by: David Webster <cognition@bigfoot.com>

Issue Date: 21-NOV-99

Overview: Denial of service attack in syslogd

Affected: Independence Release 6.0-0.8 (Redhat 6.0)

References: RedHat Security Advisory; RHSA-1999:055-01
	    Bugtraq id; #809

                                  -=-=-==-=-=-

Detailed Problem Description:

	The syslog daemon by default used unix domain stream sockets
	for receiving local log connections. By opening a large number
	of connections to the log daemon, the user could make the system
	unresponsive.

	Thanks go to Olaf Kirch (okir@monad.swb.de) for noting the
	vulnerability and providing patches.

Solution:

	Update the affected RPM packages by downloading and
	installing the RPMs listed below. For each RPM, run:

		root# rpm -Uvh <filename>

	where <filename> is the name of the RPM.

	[Note: You need only install EITHER the compiled RPM,
	(*.i386.rpm) OR the source RPM, (*.src.rpm), NOT both.]

RPMs:

  ftp://updates.redhat.com/6.0/i386/sysklogd-1.3.31-14.i386.rpm

Source RPMs:

  ftp://updates.redhat.com/6.0/SRPMS/sysklogd-1.3.31-14.src.rpm

Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
8e59b61b8b1a9356ea675d7234b801d8  i386/sysklogd-1.3.31-14.i386.rpm
55cc22adb6b3272ef23763e89309af24  SRPMS/sysklogd-1.3.31-14.src.rpm
- --------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at: http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

This security advisory, and all future ones should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83

Which is avaliable from: http://www.cognite.net/pgp.html,
			 and most good pgp key servers.

An archive of these messages can be currently be found on:
http://www.cognite.net/indy/

A process of automatic retrival is being worked on.

[Note: these problems were discovered, and fixed by RedHat.]

	.---------------------------------------------------.
	| And problems regarding this, or future advisories |
	| should be emailed to me: <cognition@bigfoot.com>  |
	`---------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN) <http://www.cognite.net/>

iD8DBQE4OX3pDdLNO0X6woMRAgRlAJ9/ZDYlXGTURoWT0C1ZcdUsRiNfjgCg5Dez
84zZizyrvkXhn+QaN8KN5Go=
=iIun
-----END PGP SIGNATURE-----

Prev by Date: PISA-18_NOV_99_003
Next by Date: Re: IP Printer Setup
Prev by thread: PISA-18_NOV_99_003
Next by thread: My own idea of the web page
Index(es):
- Date
- Thread